The goal of every validation process in a distributed system is the ability to assess the validity and chronological ordering of states, hence to verify the correctness with respect to the protocol rules of the state transitions that have occurred.

In Bitcoin Blockchain, for instance, this process is meant to verify the correctness of the changes in the UTXO set determined by the transactions collected into the sequence of ordered blocks. Thus, every block represents a state update.

The main drawback of Layer 1 validation process is that each node has to validate each transaction from everybody and store the related data once block inclusion takes place. This architecture leads to two main issues:

• Scalability: the size limit of the blocks vs. the demand of blockspace per unit time shared by all willing participants limits the transaction throughput (i.e. a maximum of 1 MB on ~10 minutes on average on bitcoin, taking into account witness discount).

• Privacy: details of each transaction are broadcasted and stored in public form (in particular: the amounts transacted and the receiving addresses, although pseudonyms).

However, from the point of view of the recipient of a transaction, the only aspects that matter are:

• The last state transition motivated by a transaction addressed to him.

• The chronological sequence of transactions (and thus state transitions) leading up to the last state transition.

Basically, what is relevant to the recipient is the Directed Acyclic Graph which connects the history of the state transitions from the Genesis to the last state addressed to him (a Shard of the whole data).

For this reason, the logic of validation can be reversed in the following terms:

• Each part validates its own part of the history and thus the digital properties that matters to him.

• A compact reference of the validated state transition is committed in the 1st layer to be timestamped. This construction constitutes a Proof-of-Publication and acts as an anti double-spending measure.

Client-side Validation ensures that the following properties are met:

• Scalability: since the commitment of the verified state, which must be stored by all, has, at least, a small footprint (order of tens of bytes), or, in some commitment scheme, no additional footprint in respect to an ordinary transaction.

• Privacy: using a one-way cryptographic hash function (such as SHA-256), the original data (the pre-image) that produced the commitment cannot be reconstructed and, moreover, it is kept private by the parties.

The commitment structure used in Client-Side Validation (as in the RGB protocol, which we will cover in detail later) allows for important additional scalability features:

• Aggregate state transitions of different contracts (e.g., two different contracts related to 2 different digital assets committed in a single bitcoin transaction).

• Bundle more than one state transition of the same asset in the same client-side operation.

Anchor structures provide the deterministic link between the single-use seal and the client-side data that represent the message to which the single-use seal is closed around.

In order to guarantee the efficacy of the commitment scheme and precise chronological ordering derived from the 1st layer, the use of a new cryptographic primitive needs to be introduced: the Single-use Seal.